Hello Micky, what you are referring to is a trust store. Having a "secure" connection without knowing that it points to the correct recipient is completely pointless. Instead of eavesdropping on the connection, everybody could just pretend to be the recipient and receive the data directly. No, AFAIK you cannot open SSL connections without a trust store.
The reason that you don't have to load a trust store for HttpsURLConnection is that Java has a default trust store which it loads automatically. That's the one which will be accessed by SSLSocketFacory.getSocketFactory(). cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
